Storing and backing up Data
During the research project you will need to store your research data so that it is secure and backed up regularly, but at the same time easily accessible to those who are authorised to do so.
The University’s Research Data Management Policy asks for all live research data to be stored on the University’s networked storage facilities, and it recommends the use of SHU Research Store (Q:\Research). There is no cap on the amount of storage a specific research project can use. Data will be backed up automatically to several locations on a daily basis, and are securely kept for a period of 90 days. The Research Store (Q:\Research) is conveniently accessible from wherever and whenever required, and access can be granted to students and third parties when required. It is therefore ideal for master copies of your research data.
Personal, confidential or sensitive data requires a storage solution that is compliant with the Data Protection Act and the University’s Data Protection Policy Statement. The Research Store (Q:\Research) can be used for these types of data under the condition that access permissions have been set up appropriately for a limited number of users. It is important to periodically review these access permissions, for example to reflect staff changes.
For more information on Q:\Research, see SHU Research Store.
Options
Generally there are four options for data storage:
- Networked drives.
You can store all kinds of information on your personal F: drive or the N: drive which is shared with members of staff. However, storage is limited and files on the N: drive cannot be shared with others than members of staff. Access to the Research Store (Q:\Research) can be granted to students and third parties when required. - Local drives on your PC or laptop.
Data can be lost because local drives can fail, or the computer may be lost or stolen — and, unless the information on them is encrypted, could be used by other people. Local drives may be convenient for short-term storage and data processing but they should normally not be relied upon for storing master copies. - Cloud-based storage.
The University has no control over cloud-based storage such as Dropbox and the company hosting your data will have access to all the material. Depending on their terms and conditions, they may also have the rights to use or publish the information in any way they choose — and their levels of security may not meet the level expected by members of staff and may not be backed up on a regular basis.The University does have an agreement with Google which allows staff to use a version of Google drive through their University log in details. This has different type of agreement from the personal versions of Google drive and keeps the copyright with the University, but is still not as secure as using the SHU Research Store. Please refer to the University’s Cloud Storage Policy if you are considering this option.Cloud storage solutions for personal, confidential and sensitive information — such as Dropbox and Google Drive — is not permitted, but exceptions may be made only if they meet the requirements of the University’s Electronic Data Encryption Policy and if they are agreed by local management and documented. - External portable storage devices.
External hard drives, USB drives, DVDs and CDs may be very convenient, cheap and portable, but they are not recommended for long-term storage. These types of portable storage can easily be lost, damaged or stolen — and, unless the information on them is encrypted, could be used by other people. They should never be used for unencrypted sensitive data.
The 3-2-1-rule is a simple way to remember best practice for backing up.
3. Keep 3 copies of important files (a primary and two backups)
2. on 2 different media types (such as encrypted: hard drives, memory sticks, CDs and online storage)
1. with 1 copy being stored offsite (or online)
Personal, confidential or sensitive data
Personal, confidential or sensitive data need higher levels of security than other data. In those cases, it is important that the storage solution you choose is compliant with the Data Protection Act and the University’s Data Protection Policy Statement. The University has Guidance on Data Protection (staff only) and guidance on the use of personal data by students.
Portable devices
Storage on portable devices and transferring personal information from one medium to another (for example via email) needs to be done with special care. If research data needs to be stored temporarily on portable devices such as laptops, tablets, phones, CDs and USB sticks, the researcher must ensure that this is done securely and that they comply with the University’s Electronic Data Encryption Policy. DTS publish Data Encryption Guidance (staff only).
Transferring
Transferring any personal, confidential and sensitive information also requires encryption. When sending these data via email, the email needs to be encrypted. When sending data via a USB stick, an encrypted USB stick should be used — FIPS 140-2 compliant USB sticks (conforming to normal encryption requirements) are available through the DTS self-service portal. Data can also be sent and received securely using the SHU ZendTo service.
- the University’s Data Protection Policy Statement (Secretariat) and DATA PROTECTION PRINCIPLES (Secretariat) (staff only)
- the University’s Research Data Management Policy
- the University’s Cloud Storage Policy (DTS) as well as the Electronic Information Security Framework (EISF) for all SHU policies relating to storing and transmitting electronic informaiton
- the University’s Electronic Data Encryption Policy (DTS) and Data Encryption Guidance(DTS) (staff only)
- Guidance on the use of personal data by students: your responsibilities
Email: library-research-support@shu.ac.uk Phone: 0114 225 3852
